Distributed Spam-for-Hire Network!

The following IP addresses are spamming for a variety of dodgy customers who send to lists with no pretension of opt-in or permission. They were using a scattered group of IP addresses at First Root about a month ago, but appear to have moved on to Linode and OVH. NOT ACCEPTABLE!

SPAM SAMPLES:

Received: from nnz79.top (nnz79.top [193.25.100.238])
Date: Thu, 23 Sep 2021 22:##:## +0530
From: Ayesha Schroeder <no-reply@nnz79.top>
Reply-To: info@bestmededuc.org
Subject: Introducing the Medical Google

<snip>

The Medical Google — Finding the best evidence

iSearch Science or the Medical Google helps elucidate the current best
evidence on a topic or clinical question using Google and a Natural
Language AI. It also helps you search for the best and the most relevant
basic science studies.

<snip>

URI: http://t.nnz79.top/track/click/<x>

Received: from fhh85.top (fhh85.top [51.222.28.15])
Date: Fri, 24 Sep 2021 04:##:## +0530
From: Imad Jobs <myjob@fhh85.top>
Reply-To: imad@imadservices.xyz
Subject: Hire Tech Talent has Never Been so Affordable. Hire Now!

<snip>

*Hiring remote talent *

*was never this easy.*

<snip>

URI: http://t.fhh85.top/track/click/<x>

Received: from wcm02.top (wcm02.top [142.44.210.133])
Date: Fri, 24 Sep 2021 14:##:## +0530
From: Arjun <arjun@wcm02.top>
Reply-To: business@coceptualmedia.com
Subject: RE:We need to discuss this

<snip>

Greetings,

We primarily help entrepreneurs, innovators and all kinds of startups or
enterprises to transform their vision into reality. We will make you
achieve tremendous success and create an impact in the competitive
brandscape.

<snip>

Best Regards,

Arjun Joshi
Lead — Business Development,
Coceptual Media
Contact: +91-8076488915

<snip>

Received: from nmr59.top (nmr59.top [193.25.101.245])
Date: Mon, 27 Sep 2021 02:##:## +0530
From: Prosperous <prosperous@nmr59.top>
Subject: up to $150,000 in under 10 minutes

<snip>

Automated Line of Credit!

Leave it at a zero balance until you need it, best pricing in the industry! Only fair credit is required to receive a bank quality line of credit.

<snip>

[ Click here to apply ]
[[ http://t.nmr59.top/track/click/<x> ]]

<snip>

Received: from ghh88.top (ghh88.top [185.162.144.205])
Date: Mon, 27 Sep 2021 08:##:## +0530
From: Meet24 <no-reply@ghh88.top>
Reply-To: sales@livemeet24.com
Subject: Meetings

<snip>

Meet24 is a cloud-based video conferencing tool to host or join virtual meetings easily. With powerful audio, crystal clear HD video, collaboration features, screen share viewing capabilities, and attendee controls in the palm of your hand.

<snip>

[ GET STARTED ]
[[ http://t.ghh88.top/track/click/<x> ]]
